CVE-2025-8177

Summary

A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer.

Affected Software

VendorProductVersion RangeStatus
n/aLibTIFF4.0affected
n/aLibTIFF4.1affected
n/aLibTIFF4.2affected
n/aLibTIFF4.3affected
n/aLibTIFF4.4affected
n/aLibTIFF4.5affected
n/aLibTIFF4.6affected
n/aLibTIFF4.7.0affected

Weaknesses

  • CWE-120: Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References